Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp1129226pxa; Fri, 28 Aug 2020 04:42:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCaMhXTM0JNYP8bGl9qM1wwOEyF5zYiSo1s+9JEshVJHa9E5Vo3WjN6r+9Iwdt9s33s+/M X-Received: by 2002:a17:906:2686:: with SMTP id t6mr1331097ejc.406.1598614930693; Fri, 28 Aug 2020 04:42:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598614930; cv=none; d=google.com; s=arc-20160816; b=gyalzbUG9E8o7vNoEX2Eg9Sd5NbwIm1d8EJLkiXZHqsmBefClFc3flyrgiB/bLSsxX gxqCIHjWNPjFHiWyUm/IFuT6gEICbUMdn7RMMPUBLmrARU/SHq7JNh2c6ZmfU0IAISE2 pdnCll4mQoAF5Cp/D9uN6SnaVzWEp+QfExKg443rxuM5CP3iM3jD7S1B88mrBExKimED HmKcRFIX1dzMBDcB7Ngp86UJrplK3pGpcaEirfNc9Bfcj/cDG7bu1JLLrUttT8x/kZZa +jPQVzNMVa1ZmsBu6UpZ1vNMcMHW/fVa0s0kF1FlKpxdSkblBTpXq3YsWiFeF7mNk64F Av/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=+4JiaYoS0HndrreBr2XTvIDvJUjGSip4KNY5rXBxq20=; b=cseP03bX7qb4Eag2rC5FW7gcRGDjiEDHRsvS3GUb3ca9ZKuogbN8gPbOUV7TaUSIRc fK4RQC07a/CJGRQvUCplXo/A0b1cK1oiCSeyeaIjIMYu0BpBPVAWw9MnFZbFQGOPEtrl +pKV+jYXT7S+8vnZH8+xi9uVUWPYGsplNiS+Zivil5oa8XV/znir5uxcYJXP8pdSGTms ZfHlznoB7FVpxXllYqdBPVIFj/+dJKsnwpYBQYNDn+xtkfYbmqVIGG98SEa2XI7ehGC/ x8nBZd6ZIsNywKZN7Y7C2HvtH2zve1P6sqDt7Et3pnyfTMI+XLB7PijeJwW2sTOsvu5z OZFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PjUoFCsQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w13si387663edt.439.2020.08.28.04.41.48; Fri, 28 Aug 2020 04:42:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PjUoFCsQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729123AbgH1Lju (ORCPT + 99 others); Fri, 28 Aug 2020 07:39:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729259AbgH1Lgl (ORCPT ); Fri, 28 Aug 2020 07:36:41 -0400 Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88F92C061264 for ; Fri, 28 Aug 2020 04:12:29 -0700 (PDT) Received: by mail-wm1-x343.google.com with SMTP id s13so559925wmh.4 for ; Fri, 28 Aug 2020 04:12:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=+4JiaYoS0HndrreBr2XTvIDvJUjGSip4KNY5rXBxq20=; b=PjUoFCsQIiBw798tVdvlNcVfbGwaZ/NnQkuUreKmIJcf5Eic+xteObdrqCyCZLeMyH FknyTtV0W5zJXvj7kzAoI3BIAg0CuJy7+gs6Zo1vIgbJprPCFQiE2l+SuC8KDyUZWI/o b2oUIMGaJnsushXZ5ogsjyadieMxykjFFQJ+bh5GWS3Sx/e0vBYbtHmmsdOs3ByvsKIm v8mDvcvYnc4Gk4isSC5pdnoKIeGF8Y8VOT1JzbT23keLO5XM5PldL8V2sPPwWRJH6NHB pb4c6SN/cYoYJiRFXjm1yXkl3SQ2pIrReBIj3VQJcJJeF8YQZtOwgV70/KmzKF7yfUzi nwtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=+4JiaYoS0HndrreBr2XTvIDvJUjGSip4KNY5rXBxq20=; b=SUXkMQTdExyXDMZo07QOM0P3Ku50TgGqsO4gsqlOMSA149vIhoinASCDaXldwoQyDr XCP5fhfIiqB54jNNclzPGJVQQAgZkEtHvNHnKl4UwEud5kOBEdf483cqQLPK4/c61Y18 7f1fvW7ZIm9A2QV+YUD1bocFWV3+X9Ynm33o+aF0wvSDMfpZJTb+LqdGtif3HZRsuU7K z4bTr/tNvFhUcOyvjTdwx1fP8QzH5Ls8wpgK/crdcZ3ZoKnNZxgE3A2IWd3Oj+oh0q+i eAE0tZzWVTMkjSmHtxBJtlcPdPNKF/1OBAlXIeBAmViVLOu2KH6b2WwBBIi52P7hWxcb bWRQ== X-Gm-Message-State: AOAM53188jRrGYWXaoh6rvtuvqHOv3w+xVn1PhJGtYNZ/3s/DX3QmjXz lxtVVkP0p6duZeVepEUKAl15+w== X-Received: by 2002:a1c:ed0e:: with SMTP id l14mr1090553wmh.140.1598613147805; Fri, 28 Aug 2020 04:12:27 -0700 (PDT) Received: from elver.google.com ([100.105.32.75]) by smtp.gmail.com with ESMTPSA id o128sm1639658wmo.39.2020.08.28.04.12.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Aug 2020 04:12:26 -0700 (PDT) Date: Fri, 28 Aug 2020 13:12:21 +0200 From: Marco Elver To: Andrey Konovalov Cc: Dmitry Vyukov , Vincenzo Frascino , Catalin Marinas , kasan-dev@googlegroups.com, Andrey Ryabinin , Alexander Potapenko , Evgenii Stepanov , Elena Petrova , Branislav Rankov , Kevin Brodsky , Will Deacon , Andrew Morton , linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 35/35] kasan: add documentation for hardware tag-based mode Message-ID: <20200828111221.GA185387@elver.google.com> References: <5d0f3c0ee55c58ffa9f58bdea6fa6bf4f6f973a4.1597425745.git.andreyknvl@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5d0f3c0ee55c58ffa9f58bdea6fa6bf4f6f973a4.1597425745.git.andreyknvl@google.com> User-Agent: Mutt/1.14.4 (2020-06-18) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 14, 2020 at 07:27PM +0200, Andrey Konovalov wrote: > Add documentation for hardware tag-based KASAN mode and also add some > clarifications for software tag-based mode. > > Signed-off-by: Andrey Konovalov > --- > Documentation/dev-tools/kasan.rst | 73 +++++++++++++++++++++---------- > 1 file changed, 51 insertions(+), 22 deletions(-) > > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst > index a3030fc6afe5..aeed89d6eaf5 100644 [...] > -Tag-based KASAN uses the Top Byte Ignore (TBI) feature of modern arm64 CPUs to > -store a pointer tag in the top byte of kernel pointers. Like generic KASAN it > -uses shadow memory to store memory tags associated with each 16-byte memory > -cell (therefore it dedicates 1/16th of the kernel memory for shadow memory). > +Software tag-based KASAN uses the Top Byte Ignore (TBI) feature of modern arm64 > +CPUs to store a pointer tag in the top byte of kernel pointers. Like generic > +KASAN it uses shadow memory to store memory tags associated with each 16-byte > +memory cell (therefore it dedicates 1/16th of the kernel memory for shadow > +memory). It might be helpful to be more specific vs. saying "modern arm64 CPUs". Does the "modern" qualifier suggest not all arm64 CPUs support the feature? (HW tag-based KASAN below is specific, and mentions ARMv8.5.) > +On each memory allocation software tag-based KASAN generates a random tag, tags > +the allocated memory with this tag, and embeds this tag into the returned > +pointer. > > -On each memory allocation tag-based KASAN generates a random tag, tags the > -allocated memory with this tag, and embeds this tag into the returned pointer. > Software tag-based KASAN uses compile-time instrumentation to insert checks > before each memory access. These checks make sure that tag of the memory that > is being accessed is equal to tag of the pointer that is used to access this > -memory. In case of a tag mismatch tag-based KASAN prints a bug report. > +memory. In case of a tag mismatch software tag-based KASAN prints a bug report. > > Software tag-based KASAN also has two instrumentation modes (outline, that > emits callbacks to check memory accesses; and inline, that performs the shadow > @@ -215,9 +222,31 @@ simply printed from the function that performs the access check. With inline > instrumentation a brk instruction is emitted by the compiler, and a dedicated > brk handler is used to print bug reports. > > -A potential expansion of this mode is a hardware tag-based mode, which would > -use hardware memory tagging support instead of compiler instrumentation and > -manual shadow memory manipulation. > +Software tag-based KASAN uses 0xFF as a match-all pointer tag (accesses aren't > +checked). > + > +Software tag-based KASAN currently only supports tagging of slab memory. > + > +Hardware tag-based KASAN > +~~~~~~~~~~~~~~~~~~~~~~~~ > + > +Hardware tag-based KASAN is similar to the software mode in concept, but uses > +hardware memory tagging support instead of compiler instrumentation and > +shadow memory. > + > +Hardware tag-based KASAN is based on both arm64 Memory Tagging Extension (MTE) > +introduced in ARMv8.5 Instruction Set Architecture, and Top Byte Ignore (TBI). Is there anything inherently tying tag-based KASAN to arm64? I guess if some other architecture supports MTE, they just have to touch arch/, right? You could reword to say that "Hardware tag-based KASAN is currently only supported on the ARM64 architecture. On the ARM64 architecture, tag-based KASAN is based on both ..." Thanks, -- Marco